Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
Mailman Improper Input Validation Vulnerability (CVE-2018-13796)
WordPress Plugin Mz-jajak 'id' Parameter SQL Injection (2.1)
mod_ssl Other Vulnerability (CVE-2002-0082)
WebLogic CVE-2021-2294 Vulnerability (CVE-2021-2294)
WordPress Plugin Simple Business Directory with Maps PHP Object Injection (3.6.0)